Blogrotate #16: The Weekly Roundup of News for System Administrators
Feb 12, 2010 / By Tim Inkpen
Welcome to another edition of Blogrotate. This has been an interesting week in the IT world, with Microsoft security issues being the major focus of attention.
Once again, security flaws in Microsoft Operating Systems caused major problems for system administrators this past week. It began with Microsoft’s Security Response Center’s posting of February’s security bulletin.
Microsoft’s attempt’s to fix a 17-year-old bug resulted in a large number of computers having problems restarting. More information can be found here Restart issues after installing MS10-015 and Security patch results in BSOD, stops Windows from booting. It appear that this issue may have been caused by machines being previously infected by a rootkit
Another patch from Microsoft, the reliability update for Windows 7 and Windows Server 2008 R2, turned out to be not so… reliable.
But what was of most concern to many system administrators was Microsoft’s security advisory concerning a vulnerability in the TLS and SSL protocols, since this affects not only the Microsoft Windows operating system but as TLS/SSL are an Internet standard, multiple vendors. Emil Protalinski at Ars Technica provides full coverage of the TLS/SSL flaw in Windows.
Just to prove that Microsoft is not the only one with security problems, Ryan Paul at Ars Technica has an interesting article about a hack announced at Black Hat where a researcher was able to circumvent a Trusted Platform Module (TPM) component. Although it requires physical access, it does prove that even hardware-based protection mechanisms considered “unhackable” are indeed still vulnerable. Here are a second and third link for further reading: Supergeek pulls off ‘near impossible’ crypto chip hack; and Researcher Cracks Security Of Widely Used Computer Chip.
Rumours that Microsoft was interested in purchasing RIM caused a stir this week.
The big news on the training front was that Novell and Canonical are joining forces to bolster Linux Certification and training efforts to compete with Red Hat.
More from Ubuntu, with Canonical’s new COO Matt Asay speculating that the Apple iPad is attempting to bring about a new paradigm where the operating system is largely invisible to the user and the applications themselves are the operating system.
Computerworld’s Eric Lai had interesting article discussing the announcement of Ksplice Uptrack. It provides an overview of what the service is and raises concerns about security compliance, support from major vendors, and funding.
Facebook’s previously undocumented chat protocol now supports Jabber/XMPP, so a user may now communicate with contacts via third-party IM clients such as AIM, Pidgin, and so on. Facebook 24/7 anyone?
This wraps up another episode of Blogrotate. See you next week, same Blogrotate channel, same Blogrotate time.